Posts by crossroad

306 posts
  • Has been part of the Envato Community for over 2 years
  • Sells items exclusively on Envato Market
crossroad says

Forums front page is full of spam which has been posted several hours ago, making it look like an abandoned site.

It's not like all forums on the internet face such spam. If they cannot make the registration/forum posting process better, they can at least get some volunteer moderators to help. I’m sure many users will be ready to do that for free. Please do something.

crossroad says

Firefox is throwing this warning on all pages on ThemeForest.

crossroad says

That means you will probably see a lot more of me on these forums

6 months = 2 posts

crossroad says

I cannot log in; it says incorrect password, but it is not. Is anyone else having difficulties logging in?

crossroad says

@LoveThemes:

IMO, this is pointless. As you see, _e only echoes; it doesn’t do anything else. So if an attacker just wants to ECHO anything, why would he even need to target _e or the PHP echo function? Why don't you just inject anything in the HTML?

Also check the WordPress.org themes directory and see how many themes use esc_html_e instead of _e for the translation strings.

crossroad says

Take this example of yours:
<span><?php _e('Written by:', 'virtuti'); ?> <?php the_author(); ?></span>
Now imagine a user compromised your site and managed to inject some malicious JavaScript in there:
<span><?php _e('<script>BAD CODE</script>', 'virtuti'); ?> <?php the_author(); ?></span>

That script will execute when that page is loaded. BAD!

Using esc_html_e instead:
<span><?php esc_html_e('Written by:', 'virtuti'); ?> <?php the_author(); ?></span>

There’s not even a single reference to that in the official WordPress Codex, nor could I find any other link which says that using _e is unsafe. Could you refer to some documentation?

crossroad says

Thanks for the quick reply :)

crossroad says

Does anyone know which text editor it is? Really liked the syntax highlighting colors: